activesambaldap 0.0.1

data/bin/asl-userdel

@@ -0,0 +1,75 @@
+#!/usr/bin/env ruby
+
+require 'active_samba_ldap'
+require 'active_samba_ldap/command'
+
+argv, opts, options = ActiveSambaLdap::Command.parse_options do |opts, options|
+  options.remove_home_directory = false
+  options.interactive = false
+  options.computer_account = false
+
+  opts.banner += " USER_NAME"
+
+  opts.on("-c", "--[no-]computer-account",
+          "is a Windows Workstation",
+          "(otherwise, Windows user)",
+          "(#{options.computer_account})") {|options.computer_account|}
+
+  opts.on("-r", "--[no-]remove-home-directory",
+          "remove home directory (#{options.remove_home_directory})") do |bool|
+    options.remove_home_directory = bool
+  end
+
+  opts.on("-i", "--[no-]interactive",
+          "do interactively (#{options.interactive})") do |bool|
+    options.interactive = bool
+  end
+end
+
+name = nil
+if argv.size == 1
+  name = argv.first
+else
+  $stderr.puts opts
+  exit 1
+end
+
+unless Process.uid.zero?
+  $stderr.puts "need root authority."
+  exit 1
+end
+
+ActiveSambaLdap::Base.establish_connection("update")
+
+class User < ActiveSambaLdap::SambaUser
+  ldap_mapping
+end
+
+class Computer < ActiveSambaLdap::SambaComputer
+  ldap_mapping
+end
+
+class Group < ActiveSambaLdap::SambaGroup
+  ldap_mapping
+end
+
+member_class = options.computer_account ? Computer : User
+member_type = member_class.name.downcase
+
+if options.computer_account
+  name = name.chomp("$") + "$"
+end
+
+unless member_class.exists?(name)
+  $stderr.puts "#{member_type} '#{name}' doesn't exist."
+  exit 1
+end
+member = member_class.find(name)
+
+member.destroy(:removed_from_group => true,
+               :remove_home_directory => options.remove_home_directory,
+               :remove_home_directory_interactive => options.interactive)
+
+ActiveSambaLdap::Base.restart_nscd
+
+ActiveSambaLdap::Base.clear_active_connections!

data/bin/asl-usermod

@@ -0,0 +1,335 @@
+#!/usr/bin/env ruby
+
+require 'time'
+require 'fileutils'
+
+require 'active_samba_ldap'
+require 'active_samba_ldap/command'
+
+argv, opts, options = ActiveSambaLdap::Command.parse_options do |opts, options|
+  options.computer_account = false
+  options.gecos = nil
+  options.home_directory = nil
+  options.move_home_directory = false
+  # options.inactive_days = nil
+  options.new_user_name = nil
+  options.uid = nil
+  options.allow_non_unique_uid_number = false
+  options.gid = nil
+  options.merge_groups = true
+  options.supplementary_groups = nil
+  options.shell = nil
+  options.given_name = nil
+  options.canonical_name = nil
+  options.surname = nil
+
+  options.expire_date = nil
+  options.can_change_password = nil
+  options.must_change_password = nil
+  options.samba_home_path = nil
+  options.samba_home_drive = nil
+  options.samba_logon_script = nil
+  options.samba_profile_path = nil
+  options.samba_account_flags = nil
+  options.enable = nil
+  options.mail_addresses = nil
+  options.mail_to_addresses = nil
+
+
+  opts.banner += " USER_NAME"
+
+  opts.on("-c", "--[no-]computer-account",
+          "is a Windows Workstation",
+          "(otherwise, Windows user)",
+          "(#{options.computer_account})") {|options.computer_account|}
+
+  opts.on("--gecos=GECOS", "gecos") {|options.gecos|}
+  opts.on("-d", "--home-directory=HOME_DIR",
+          "home directory") {|options.home_directory|}
+  opts.on("-m", "--[no-]move-home-directory",
+          "move home directory (#{options.move_home_directory})") do |bool|
+    options.move_home_directory = bool
+  end
+  opts.on("-r", "--rename=NEW_NAME",
+          "new user name (cn and dn are updated)") do |name|
+    options.new_user_name = name
+  end
+  opts.on("-u", "--uid=UID", Integer, "uid") {|options.uid|}
+  opts.on("--[no-]allow-non-unique-uid",
+          "uid can be non unique " +
+          "(#{options.allow_non_unique_uid_number})") do |bool|
+    options.allow_non_unique_uid_number = bool
+  end
+  opts.on("-g", "--gid=GID", "gid") {|options.gid|}
+  opts.on("-G", "--groups=GID1,GID2,GID3", Array,
+          "supplementary groups (comma separated)") do |groups|
+    options.supplementary_groups = groups
+  end
+  opts.on("--[no-]merge-groups",
+          "replace supplementary groups " +
+          "(#{!options.merge_groups})") {|options.merge_groups|}
+  opts.on("-s", "--shell=SHELL", "shell") {|options.shell|}
+  opts.on("--given-name=NAME", "given name") {|options.given_name|}
+  opts.on("-N", "--canonical-name=NAME",
+          "canonical name") {|options.canonical_name|}
+  opts.on("-S", "--surname=NAME", "surname") {|options.surname|}
+
+  opts.separator("")
+  opts.separator("For samba users:")
+
+  opts.on("-e", "--expire-date=DATE", "expire date") do |date|
+    options.expire_date = Time.parse(date)
+  end
+  opts.on("-C", "--[no-]can-change-password",
+          "can change password") do |bool|
+    options.can_change_password = bool
+  end
+  opts.on("-M", "--[no-]must-change-password",
+          "must change password") do |bool|
+    options.must_change_password = bool
+  end
+  opts.on("--samba-home-path=PATH",
+          "sambaHomePath",
+          "(SMB home share, like '\\\\PDC\\user'") do |path|
+    options.samba_home_path = path
+  end
+  opts.on("--samba-home-drive=DRIVE",
+          "sambaHomeDrive",
+          "(letter associated with home share,",
+          " like 'H:')") do |drive|
+    options.samba_home_drive = drive
+  end
+  opts.on("--samba-logon-script=SCRIPT",
+          "sambaLogonScript",
+          "(DOS script to execute on login)") do |script|
+    options.samba_logon_script = script
+  end
+  opts.on("--samba-profile-path=PATH",
+          "sambaProfilePath",
+          "(profile directory,",
+          " like '\\\\PDC\\profiles\\user')") do |path|
+    options.samba_profile_path = path
+  end
+  opts.on("--samba-account-flags=FLAGS",
+          "sambaAcctFlags",
+          "(samba account control bits,",
+          " like '[NDHTUMWSLXI]')") {|options.samba_account_flags|}
+  opts.on("-D", "--[no-]disable-user", "disable an user") do |bool|
+    options.enable = !bool
+  end
+  opts.on("-E", "--[no-]enable-user", "enable an user") do |bool|
+    options.enable = bool
+  end
+#   opts.on("--mail-addresses=ADDRESS1,ADDRESS2,ADDRESS3",
+#           Array,
+#           "mailAddresses (comma separated)") {|options.mail_addresses|}
+#   opts.on("--mail-to-addresses=ADDRESS1,ADDRESS2,ADDRESS3",
+#           Array,
+#           "mailToAddresses (forward address)",
+#           "(comma separated)") do |addresses|
+#     options.mail_to_addresses = addresses
+#   end
+end
+
+name = nil
+if argv.size == 1
+  name = argv.first
+else
+  $stderr.puts opts
+  exit 1
+end
+
+ActiveSambaLdap::Base.establish_connection("update")
+
+class User < ActiveSambaLdap::SambaUser
+  ldap_mapping
+end
+
+class Computer < ActiveSambaLdap::SambaComputer
+  ldap_mapping
+end
+
+class Group < ActiveSambaLdap::SambaGroup
+  ldap_mapping
+end
+
+options.computer_account = true if /\$$/ =~ name
+
+member_class = options.computer_account ? Computer : User
+member_type = member_class.name.downcase
+
+if options.computer_account
+  name = name.chomp("$") + "$"
+end
+
+unless member_class.exists?(name)
+  $stderr.puts "#{member_type} '#{name}' doesn't exist."
+  exit 1
+end
+member = member_class.find(name)
+
+unless Process.uid.zero?
+  password = ActiveSambaLdap::Command.read_password("Enter your password: ")
+
+  auth_class = Class.new(ActiveSambaLdap::Base)
+  config = ActiveSambaLdap::Base.configurations["reference"]
+  begin
+    auth_class.establish_connection(config.merge(:bind_dn => member.dn,
+                                                 :password => password,
+                                                 :allow_anonymous => false))
+  rescue ActiveLdap::AuthenticationError
+    $stderr.puts "password isn't match"
+    exit 1
+  ensure
+    auth_class.remove_connection
+  end
+end
+
+if options.uid
+  begin
+    member.change_uid_number(options.uid, options.allow_non_unique_uid_number)
+  rescue ActiveSambaLdap::UidNumberAlreadyExists
+    $stderr.puts $!.message
+    exit 1
+  end
+end
+
+if options.gid
+  begin
+    member.primary_group = Group.find_by_name_or_gid_number(options.gid)
+  rescue ActiveSambaLdap::Error
+    $stderr.puts $!.message
+    exit 1
+  end
+end
+
+if options.shell
+  member.login_shell = options.shell
+end
+
+if options.gecos
+  member.gecos = options.gecos
+  member.description = options.gecos
+  member.display_name = options.gecos
+end
+
+if options.home_directory
+  if options.move_home_directory and !File.exist?(options.home_directory)
+    FileUtils.mv(member.home_directory, options.home_directory)
+  end
+  member.home_directory = options.home_directory
+end
+
+if options.canonical_name
+  member.cn = options.canonical_name
+end
+
+if options.surname
+  member.sn = options.surname
+end
+
+if options.given_name
+  member.given_name = options.given_name
+end
+
+if options.mail_addresses
+  raise "not implemented"
+end
+
+if options.mail_to_addresses
+  raise "not implemented"
+end
+
+if options.supplementary_groups
+  member.groups = [] unless options.merge_groups
+  member.groups = options.supplementary_groups.collect do |group|
+    begin
+      Group.find_by_name_or_gid_number(group)
+    rescue ActiveSambaLdap::GidNumberDoesNotExist
+      $stderr.puts $!
+      exit 1
+    end
+  end
+end
+
+if options.expire_date
+  member.samba_kickoff_time = options.expire_date.to_i.to_s
+end
+
+if options.samba_account_flags
+  member.samba_acct_flags = options.samba_account_flags
+end
+
+unless options.can_change_password.nil?
+  if options.can_change_password
+    member.enable_password_change
+  else
+    member.disable_password_change
+  end
+end
+
+unless options.must_change_password.nil?
+  if options.must_change_password
+    member.enable_forcing_password_change
+  else
+    member.disable_forcing_password_change
+  end
+end
+
+if options.samba_home_path
+  member.samba_home_path = options.samba_home_path
+end
+
+if options.samba_home_drive
+  member.samba_home_drive = options.samba_home_drive.sub(/([^:])$/, "\\1:")
+end
+
+if options.samba_logon_script
+  member.samba_logon_script = options.samba_logon_script
+end
+
+if options.samba_profile_path
+  member.samba_profile_path = options.samba_profile_path
+end
+
+unless options.enable.nil?
+  if options.enable
+    member.enable
+  else
+    member.disable
+  end
+end
+
+member.save!
+
+if options.new_user_name
+  if options.computer_account
+    options.new_user_name = options.new_user_name.chomp("$") + "$"
+  end
+  if member_class.exists?(options.new_user_name)
+    $stderr.puts "#{member_type} '#{options.new_user_name}' always exists."
+    exit 1
+  end
+  new_member = member_class.new(options.new_user_name)
+
+  new_member.cn = options.new_user_name
+  new_member.attributes = member.attributes.reject do |key, value|
+    %w(dn cn uid).include?(key)
+  end
+  new_member.save!
+  member.groups.each do |group|
+    if options.computer_account
+      group.computers -= [member]
+      group.computers << new_member
+    else
+      group.users -= [member]
+      group.users << new_member
+    end
+  end
+
+  member.destroy
+end
+
+ActiveSambaLdap::Base.restart_nscd
+
+ActiveSambaLdap::Base.clear_active_connections!

data/bin/asl-usershow

@@ -0,0 +1,31 @@
+#!/usr/bin/env ruby
+
+require 'active_samba_ldap'
+require 'active_samba_ldap/command'
+
+argv, opts, options = ActiveSambaLdap::Command.parse_options do |opts, options|
+  opts.banner += " USER_NAME"
+end
+
+name = nil
+if argv.size == 1
+  name = argv.first
+else
+  $stderr.puts opts
+  exit 1
+end
+
+ActiveSambaLdap::Base.establish_connection("reference")
+
+class User < ActiveSambaLdap::SambaUser
+  ldap_mapping
+end
+
+unless User.exists?(name)
+  $stderr.puts "user '#{name}' doesn't exist."
+  exit 1
+end
+user = User.find(name)
+puts user.to_ldif
+
+ActiveSambaLdap::Base.clear_active_connections!

data/lib/active_samba_ldap/account.rb

@@ -0,0 +1,199 @@
+require 'time'
+require 'fileutils'
+require 'English'
+
+module ActiveSambaLdap
+  module Account
+    NAME_RE_SRC = "(?!\\d)[\\w @_\\-\\.]+"
+
+    def self.included(base)
+      super
+      base.extend(ClassMethods)
+    end
+
+    module ClassMethods
+      def ldap_mapping(options={})
+        options = default_options.merge(options)
+        super(extract_ldap_mapping_options(options))
+        belongs_to :primary_group, primary_group_options(options)
+        belongs_to :groups, groups_options(options)
+      end
+
+      def find_by_uid_number(number)
+        options = {:objects => true}
+        attribute = "uidNumber"
+        value = Integer(number)
+        find(:first, :filter => "(#{attribute}=#{value})")
+      end
+
+      private
+      def default_options
+        {
+          :dn_attribute => "uid",
+          :ldap_scope => :sub,
+          :primary_group_class => default_group_class,
+          :primary_group_foreign_key => "gidNumber",
+          :primary_group_primary_key => "gidNumber",
+          :groups_class => default_group_class,
+          :groups_many => "memberUid",
+          :prefix => default_prefix,
+          :classes => default_classes,
+        }
+      end
+
+      def default_group_class
+        "Group"
+      end
+
+      def default_classes
+        ["top", "inetOrgPerson", "posixAccount"]
+      end
+
+      def primary_group_options(options)
+        {
+          :class => options[:primary_group_class],
+          :foreign_key => options[:primary_group_foreign_key],
+          :primary_key => options[:primary_group_primary_key],
+        }
+      end
+
+      def groups_options(options)
+        {
+          :class => options[:groups_class],
+          :many => options[:groups_many],
+        }
+      end
+
+      def prepare_create_options(account, options)
+        prepare_create_options_for_number(:uid_number, account, options)
+      end
+    end
+
+    def fill_default_values(options={})
+      self.cn ||= uid
+      self.sn ||= uid
+      self.given_name ||= uid
+      self.display_name ||= cn
+      self.gecos ||= substituted_value(:user_gecos) {cn}
+      self.home_directory ||= substituted_value(:user_home_directory)
+      self.login_shell ||= self.class.configuration[:user_login_shell]
+
+      password = options[:password]
+      change_password(password) if password
+      self.user_password ||= "{crypt}x"
+
+      uid_number = options[:uid_number]
+      self.change_uid_number(uid_number) if uid_number
+
+      group = options[:group] || retrieve_default_group(options)
+      self.primary_group = group if group
+
+      self
+    end
+
+    def destroy(options={})
+      if options[:removed_from_group]
+        groups.each do |group|
+          remove_from_group(group)
+        end
+      end
+      dir = home_directory
+      need_remove_home_directory =
+        options[:remove_home_directory] && !new_entry?
+      super()
+      if need_remove_home_directory and File.directory?(dir)
+        if options[:remove_home_directory_interactive]
+          system("rm", "-r", "-i", dir)
+        else
+          FileUtils.rm_r(dir)
+        end
+      end
+      new_entry?
+    end
+
+    def change_uid_number(uid, allow_non_unique=false)
+      check_unique_uid_number(uid) unless allow_non_unique
+      self.uid_number = Integer(uid).to_s
+    end
+
+    def change_password(password)
+      hash_type = self.class.configuration[:password_hash_type]
+      hashed_password = ActiveLdap::UserPassword.__send__(hash_type, password)
+      self.user_password = hashed_password
+    end
+
+    def setup_home_directory(options={})
+      dest = home_directory
+      return unless dest
+
+      FileUtils.mkdir_p(dest)
+      mode = options[:mode]
+      mode ||= self.class.configuration[:user_home_directory_mode]
+      FileUtils.chmod(Integer(mode), dest)
+      skel = options[:skeleton_directory]
+      skel ||= self.class.configuration[:skeleton_directory]
+      FileUtils.cp_r(Dir.glob(File.join(skel, ".*")) +
+                     Dir.glob(File.join(skel, "*")) -
+                     [File.join(skel, "."), File.join(skel, "..")],
+                     dest)
+      FileUtils.chown_R(uid_number, gid_number, dest)
+    end
+
+    private
+    def check_unique_uid_number(uid_number)
+      ActiveSambaLdap::Base.restart_nscd do
+        if self.class.find_by_uid_number(uid_number)
+          raise UidNumberAlreadyExists.new(uid_number)
+        end
+      end
+    end
+
+    def substitute_template(template)
+      template.gsub(/%U/, uid)
+    end
+
+    def substituted_value(key)
+      config = self.class.configuration
+      if block_given?
+        value = config[key.to_sym]
+        if value
+          substitute_template(value)
+        else
+          yield
+        end
+      else
+        substitute_template(config[key.to_sym])
+      end
+    end
+
+    def created_group_name
+      uid
+    end
+
+    def retrieve_default_group(options={})
+      group = nil
+
+      gid_number = options[:gid_number]
+      group_class = options[:group_class]
+      unless gid_number
+        if options[:create_group]
+          group_name = created_group_name
+          if group_class.exists?(group_name)
+            group = group_class.find(group_name)
+          else
+            group = group_class.create(:cn => group_name,
+                                       :pool => options[:pool],
+                                       :pool_class => options[:pool_class])
+          end
+        else
+          gid_number = default_gid_number
+        end
+      end
+      if gid_number
+        group = group_class.find_by_gid_number(gid_number)
+      end
+
+      group
+    end
+  end
+end